Aadhaar OTP Customer Onboarding on UPI

Introduction of Aadhaar OTP a better and easier way of set /reset UPI and shall address the requirement of those user segments who do not have debit card and would like to on board and experience the UPI platform for making payments.
Aadhaar OTP opens up a safe, secure & convenient alternative on boarding channel thereby increasing digital footprint.
Opens up huge opportunity for banks as well as customers for financial inclusion.

Sr	Card Approach	Aadhaar + OTP
1	User choose option to set UPI Pin using Debit Card Details	User Choose to use Aadhaar OTP authentication.
2	User enters debit card details to set UPI Pin	User enters the Aadhaar details and authenticate.
3	User enters the OTP from Bank	User enters OTP from Bank as well as OTP from UIDAI
4	User sets New UPI Pin	User sets New UPI Pin

Payer PSP Bank

Payer PSP is expected to store and pass the Aadhaar consent of the user.
Payer PSP to fetch first 6 digits of Aadhaar number from the user and match it with the masked format provided by UPI.
Payer PSP will have to adhere to all the Aadhaar related guidelines as specified by UIDAI.
Certification process should be ensured as per existing process
All other guidelines and process should be adhered as per Aadhaar OTP Product note.

All UPI applications

TPAPs, PSPs & Bank Applications should adhere to UIDAI compliances associated with Aadhaar Number
UPI applications should allow customer to set UPI Pin through Aadhaar OTP only if the mobile number is Aadhaar linked and Bank account linked.
Certification and application testing should be ensured as per existing process.
Application should mandatorily have the app pass code for the customer.
Application should undergo audit requirements and approved by the InfoSec Team of NPCI for releasing it to customers.

UIDAI

To validate and authenticate the user for Aadhaar +OTP Onboarding.

Remitter Bank

Issuer/Remitter Bank to check and confirm the Aadhaar link status of the user with Bank account.
Issuer/Remitter Bank to provide the Aadhaar number of the user based on the consent given by user.
Issuer/Remitter Bank to enable new pin basis Aadhaar authentication.
Issuer Bank to adhere all the compliances associated with Aadhaar Number issued by UIDAI
Certification process should be ensured as per existing process.
As a part of customer service (Circular 6 ,2016) it is mandated for all issuing banks to have a call / contact number for customer provided to customer to hotlist his / her mobile number and if customer loses his phone he / she should be able to reach out to bank immediately and hotlist same. on disabling UPI services.

Roles and Responsibilities of Customer

Customer to set UPI Pin through Aadhaar + OTP only after reading and accepting the consent to fetch and authenticate his/ her Aadhaar Details with UIDAI from his Bank account.
Customer should make sure the mobile number linked to his bank account & Aadhaar/ UIDAI are same.
Customer to take necessary actions and inform the provided helpline / contact number of the respective bank immediately and disable UPI services in case is he loses his phone/ in case of any misuse.

Functionality

Will I be able to SET/RESET my UPI PIN using Aadhaar OTP even though I have used Debit card?

Yes, the customer will be able to choose Aadhaar OTP for UPI PIN SET/RESET even though there is a debit card associated with the account provided the customer’s bank is supporting Aadhaar OTP functionality.

What is set UPI PIN?

For any UPI transaction it is mandatory to enter UPI PIN to authorize transaction. SET UPI PIN is the option to set the UPI PIN using customer Debit card /Aadhaar otp

Can I use UPI services even if I do not have debit card issued?

Yes UPI services can be availed using Aadhaar OTP service

How to set UPI Pin using Aadhaar?

Customer can set UPI PIN by using Aadhaar OTP platform validating his first 6 digits of Aadhaar number and entering Aadhaar OTP & Issuer OTP.

Do we need to mandatorily use Aadhaar OTP option to set UPI PIN?

No it is not a mandatory option to set UPI Pin using Aadhaar OTP the choice is with the customer to select between Debit card and Aadhaar.

Do I need to pay for setting UPI Pin using Aadhaar OTP?

No Customer do not want to pay any charges for setting UPI Pin

How do I know that I can use Aadhaar OTP option to set UPI PIN?

Customer will have the option to set UPI PIN using Aadhaar and if customer’s bank doesn’t support it same will be communicated to the customer.

Do I need to use the same mobile number linked to Aadhaar Number for setting UPI PIN?

Yes both the Aadhaar linked mobile number & Bank account linked mobile number should be same.

Does my number gets validated for Setting UPI Pin?

Yes mobile number gets validated at both UIDAI & Issuer (Customers Bank account linked Bank) Bank end

What if I have different mobile numbers linked to bank and Aadhaar card?

If customer has different mobile numbers linked to Aadhaar and bank account the transaction would get terminated

How many OTP will I receive for set UPI pin using Aadhaar?

For setting UPI PIN through Aadhaar Customer would receive two OTP one from UIDAI & other from Issuer Bank.

Can I use this option to reset UPI Pin?

Yes customer can use Aadhaar OTP option to reset UPI Pin.

Can I use this option if my debit card is hot listed?

Yes Customer can use Aadhaar OTP if customers debit card gets hot listed

Why do we need to provide consent to set UPI using Aadhaar?

Customer consent is required to be taken as the Aadhaar number of the customer is being fetched and validated for setting UPI Pin Customer consent has to be taken for every set UPI PIN using Aadhaar.

Will my Aadhaar details be used for any other purpose?

No customers Aadhaar number is being used only for authentication purpose for setting UPI Pin and will be deleted once session is completed.

If I set the UPI Pin using Aadhaar can I reset it using debit card?

Yes it is customer’s choice to opt from debit card and Aadhaar card.

Is there any options to revoke the Aadhaar Consent?

Customer can opt to reset UPI PIN through Debit card instead of Aadhaar there is no revoke consent option.

What is the action to be taken if customer given Aadhaar Consent but Customer Mobile not linked to Aadhaar?

The transaction would get terminated once the same is validated at Req Auth (demo at UIDAI)

What is the action to be taken if customer given Aadhaar Consent but account not linked to Aadhaar?

aeba flag from Issuer end should be passed as N and customer would be communicated about the same.

If UPI triggers ReqOTP to UIDAI and Issuer simultaneously then one end OTP delivered and other end declined then customer may get one OTP and customer may get confused. How to handle such scenario?

Only after success response from UIDAI, UPI would fire Req OTP to Issuer

Whether new NPCI common LIBIRAY will be provided?

Yes CL 1.7

Whether Aadhaar Face/Iris/FP capturing is included in current phase?

No-In Phase 2

Does bank has any charges on same?

Yes Bank has to pay to UIDAI for yes/no authentication .

Is this facility enabled for feature phone users?

NO : As of now only Smart phone users have the functionality to set pin using Aadhaar

What is LK & AUA Code?

License key and AUA code are provided by UIDAI to entities who are AUA with UIDAI .Bank as an AUA should share/pass LK& AUA in the request to UPI and same would be carry forwarded for UIDAI authentication

Testing Scope for Banks

What are the testing scope available?

Bank has below three scope for Aadhaar

Issuer
Acquirer
Issuer & Acquirer

Total Test cases for certification?

Final test cases shared with bank

Can bank run/test all the test cases by themselves?

Bank can use CZ tool for running defined scope of test cases

Is application audit required?

Yes App testing will be required for UI/UX change

What will be the scope for app testing?

Standard checklist applicable, already shared with banks

Standard process of application testing.

Applicable: UAT testing + CUG testing (APP sec and IS approval as per scope)

Live Apps

BHIM
BHIM Cent Pay
BHIM Indus Pay
Phonepe